age

Encrypt a file with a passphrase

$ age -p [file.txt] > [file.txt.age]

$ age -d [file.txt.age] > [file.txt]

$ age -r [age1publickey...] [file.txt] > [file.txt.age]

$ age -r [key1] -r [key2] [file.txt] > [file.txt.age]

$ age -R [~/.ssh/id_ed25519.pub] [file.txt] > [file.txt.age]

$ age -d -i [key.txt] [file.txt.age] > [file.txt]

age [-e|-d] [-a] [-i identity] [-r recipient] [-R file] [-o output] [input]

age is a simple, modern file encryption tool with small explicit keys, no config options, and composable with Unix pipes. It's designed as a replacement for GPG with a cleaner interface and fewer footguns.
age supports encryption to one or more recipients, passphrase encryption, and can use SSH keys for recipient-based encryption. The format is designed to be simple and auditable.

-e, --encrypt

Encrypt input (default operation)

Decrypt input

Encrypt with passphrase

Encrypt to recipient public key (repeatable)

Read recipients from file (one per line)

Identity file for decryption

Output file (default: stdout)

Use ASCII armored format

age does not sign files; use age + signify or minisign for authenticated encryption. Keys are not interchangeable with GPG keys. No built-in key management; keys are just files.

age was designed by Filippo Valsorda at Google and released in 2019. It was created to address the complexity and usability issues of GPG while providing a secure, simple encryption tool suitable for modern use cases.

age-keygen(1), gpg(1), ssh-keygen(1)